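<?php
/**
 * Profile self-service actions for the logged-in user (AJAX endpoint).
 *
 * Dispatches on $_POST['action']:
 *   - saveEditedUser : update first/middle/last name and email, and for
 *                      userlevel 1 also the company code
 *   - editUsername   : change the login name
 *   - newPassword    : change the password after checking the current one
 *
 * Each branch echoes a short status string for the caller and, on success,
 * re-reads the user's tbuser row into the 'current_user' auth record so the
 * session matches the database.
 *
 * Relies on the project's Database, Auth and VerifyMailAddress() helpers.
 */
$db = new Database;
$auth = Auth::getAuth('current_user');
$user_id = $auth['id'];
$company_id = $auth['company_id'];
$username = $auth['username'];
$password = $auth['password'];      // stored password digest (md5 hex, see newPassword)
$userlevel_id = $auth['userlevel_id'];

// Re-read the user's row and store it as the session's current user.
$refreshCurrentUser = function () use ($db, $user_id) {
    $login = $db->query("SELECT *
                                    FROM tbuser
                                    WHERE id={$db->escape($user_id)} ","row");
    Auth::setAuth('current_user',$login);
};

// Encode a value for insertion into the JS string that jQuery .html() renders:
// HTML-escape first (so markup typed into the form is shown literally), then
// emit a JSON string literal with < > & ' " hex-escaped so the value cannot
// terminate the string or the <script> block. The caller emits no surrounding
// quotes; json_encode supplies them.
$jsHtmlLiteral = function ($value) {
    $escaped = htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return json_encode($escaped, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
};

$action = $_POST['action'] ?? null;
if(is_string($action)){
    if($action === "saveEditedUser"){
        // Missing fields default to '' so the validation below treats them as
        // empty instead of raising an undefined-index notice.
        $userFname   = $_POST['userFname'] ?? '';
        $uMiddlename = $_POST['uMiddlename'] ?? '';
        $uLastname   = $_POST['uLastname'] ?? '';
        $uEmail      = $_POST['uEmail'] ?? '';
        $uCode       = $_POST['uCode'] ?? '';
        // empty() also treats the string '0' as missing — kept from the original rule.
        $missingBasic = empty($userFname) || empty($uLastname) || empty($uEmail);
        // NOTE(review): the code is required for every level except "2", yet
        // only level "1" writes it below — confirm which levels may edit it.
        $missing = ((string)$userlevel_id === "2")
            ? $missingBasic
            : ($missingBasic || empty($uCode));
        if($missing){
            echo "Please input your basic information to the fields.";
        }elseif(!VerifyMailAddress($uEmail)){
            echo "Wrong Email Format.";
        }else{
            $db->update("tbuser", [
                "firstname"  => $userFname,
                "middlename" => $uMiddlename,
                "lastname"   => $uLastname,
                "email"      => $uEmail,
            ], ["id" => $user_id]);
            if((string)$userlevel_id === "1"){
                // update company code
                $db->update("tbcompany", ["company_code" => $uCode], ["id" => $company_id]);
            }
            echo "Successfully updated.";
            $refreshCurrentUser();
            ?>
            <script type="text/javascript">
            $(document).ready(function(){
                $(".lbluserFname").html(<?= $jsHtmlLiteral($userFname) ?>);
                $(".lbluMiddlename").html(<?= $jsHtmlLiteral($uMiddlename) ?>);
                $(".lbluLastname").html(<?= $jsHtmlLiteral($uLastname) ?>);
                $(".lbluEmail").html(<?= $jsHtmlLiteral($uEmail) ?>);
                $(".lbluCode").html(<?= $jsHtmlLiteral($uCode) ?>);
            });
            </script>
            <?php
        }
    }elseif($action === "editUsername"){
        // $_POST['oldUsername'] is sent by the form but not used here.
        $newUsername = $_POST['newUsername'] ?? '';
        if($newUsername === ""){
            echo "Input your new Username.";
        }else{
            $db->update("tbuser", ["username" => $newUsername], ["id" => $user_id]);
            $refreshCurrentUser();
            echo "Successfully Updated.";
        }
    }elseif($action === "newPassword"){
        // NOTE: tbuser stores md5 hex digests; moving to password_hash()/
        // password_verify() also requires changing the login path, so the
        // digest algorithm is left unchanged here.
        $new_password = md5($_POST['newPassword'] ?? '');
        $oldPassword  = md5($_POST['oldPassword'] ?? '');
        // hash_equals() is a strict, constant-time string comparison. The
        // original loose `!=` compares numeric-looking hex strings as numbers,
        // so distinct digests could compare equal. (string) guards a null digest.
        if(!hash_equals((string)$password, $oldPassword)){
            echo "no";
        }else{
            $db->update("tbuser", ["password" => $new_password], ["id" => $user_id]);
            $refreshCurrentUser();
            // No success message is printed on this path (kept from the original).
        }
    }
}

?>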